For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

tiwang's avatar
tiwang
Icon for Nimbostratus rankNimbostratus
Jun 07, 2013

SSO for webserver

Hi out there     I need an idea how I can awoid my users in cheating me.   I have a SSO setup where I through a client initiated webform do a SSO login to a webserver. After this the APM j...
config
design
tiwang's avatar
tiwang
Icon for Nimbostratus rankNimbostratus
Jun 18, 2013
Hi again Kevin

 

OK - changed the Client initiated SSO Detect form to URI and just entered

 

/ and /default.htm

 

and looks as if it works - now I cannot cheat the logon form any more but get "auto-logged" on.

 

On the right part of the window in the F5 GUI there is "Headers in the SSO Configuration" - when would they be used?

 

 

btw - when I am running in the application the username and password is displayed in clear text as part of the URL - they are used as parameters directly to the database behind the webserver. How can I mask these strings ? I have an idea about a table on the F5 which keeps these strings and masks them when send to the client - is this possibly somehow?

 

 

best regards /ti